SECURE DATA COMMUNICATION SYSTEM

The present invention is related to a secure data
communication system. More specifically, the present
invention is related to a secure data communication system in
which an end user is capable of interchanging data with
a host computer.

Today, an increasing number of transactions are carried out
between end users (e.g. at home) and host computers (e.g. of
a bank). These transactions can include money orders occurring
when an end user does "electronic shopping" (e.g. home order
television) or the transmission of other sensitive data.

In current systems, protection schemes include the encryption
of the data by various algorithms (e.g. DES or RSA). However,
the transmission of information encrypted according to such
algorithms is not immune to wire tapping and subsequent
decryption. The likelihood of a successful decryption is
increased by the increased computational power of computer
work stations available today.

Hence, it is an object of the present invention to provide a
simple but secure data communication system which can be
implemented for a virtually unlimited number of end users who
want to communicate with a host computer.

To solve this problem, the present invention teaches a secure
data communication system comprising a first computer being
adapted to transmit/receive information to/from a second
computer via a first communication path, wherein the first
computer is adapted to transmit/receive information to/from a
second computer via a second communication path distinct from
the first communication path, the first computer is adapted
to split the information into at least two different portions
of partial information prior to transmitting the information
to the second computer, transmit the at least two different
portions of partial information via the first and the second
communication paths, respectively, the second computer being
adapted to receive at least two different portions of partial
information from the first computer via said first and said
second communication path, and combine the at least two
different portions of partial information to obtain the
original information.

This concept makes it very difficult if not impossible for
any intruder to obtain the complete information
sent/received. Since the splitting of the information into
various portions can be done in a manner unpredictable by an
intruder, he/she will not be able to obtain the complete
information by only tapping one of said communication paths.

Moreover, even if the intruder were able to tap both or all
of said communication paths, there remains still the
difficulty for him/her to (re)combine the obtained respective
portions of the information in a useful manner.

Preferably, the first and the second computer further
comprise an information splitting/combination means to split
information to be sent and/or to store received different
portions of partial information and to combine said received
and stored different portions of partial information to
obtain the original information.

This can either be implemented in the respective computers
themselves by software programs, or the first and the second
computer are connected to external hardware devices,
respectively, in which these functions are implemented (by a
suitably programmed computer).
The information splitting/combination means also includes a
determination means (preferably implemented by a software
program) to determine a splitting scheme according to which
the different portions of partial information from the first
computer are split and sent via said first and said second
communication path to said second computer.

This allows for a pseudo-random splitting of the transmission
of the different portions of partial information from the
first computer to the second computer (and vice versa) via
the two communication paths. This scheme makes it virtually
unpredictable for an intruder to obtain the complete
information in a legible manner.






To make it even more difficult, it is also possible to
additionally reverse or at least change the sequence of the
different portions of partial information in each of the two
communication paths.

The determination means is adapted to determine the order of
splitting according to a predetermined scheme or a random
scheme. A predetermined order scheme is easier to implement
(on the transmitting side as well as on the receiving side)
but also easier to be found out by an intruder.

A random order scheme requires a more sophisticated mechanism
or protocol to ascertain the correct concatenation of the
different portions of partial information at the receiving
side of the communication path.

The invention is also covering the concept of transceiving
information that is accompanied by a PIN (Personal
Identification Number) and/or a TAN (Transaction Number).
According to the invention, the PIN and/or the TAN as well as
the information itself can be split according to various
schemes. One example is to send any or all Arabic numerals
through one communication path while the remaining
information is sent through the other communication path.
Preferably, in the case of the two communication paths having
different levels of security, the Arabic numerals would be
sent through the communication path having the higher security
level.

Another possibility is to change the communication path after
each Arabic numeral character sent. Thus, especially the
highly sensitive parts of the information are broken into
entities which are meaningless (and hence worthless) to any
intruder.

In a preferred embodiment of the invention, the first
communication path is provided in a terrestrial telephone
system, and the second communication path is provided in a
cellular mobile telephone system. Especially the usage of the
widely spread GSM (R), PCS, CDMA etc. systems with their
superior level of safety compared to land lines makes it
extremely difficult for an intruder to obtain the complete
information transceived (irrespective of whether or not the
information is transmitted in an encrypted format or not).

The present invention also encompasses that the first and/or
said second computer further comprises an information
encrypting/decrypting means, in which said information is
encrypted prior to being split into said at least two
different portions of partial information or said information
is encrypted after being split into said at least two
different portions of partial information. Again, this can be
implemented either in the respective computers themselves by
software programs, or the first and the second computer are
connected to external hardware devices in which these
functions are implemented (by a suitably programmed computer).

Encrypting the data before the splitting can be advantageous
insofar as the computational power for the encryption
algorithm needs to be provided only once while the
computational power to split (and subsequently transmit) the
information is relatively limited. It can, however, further
increase the security to split the information and to
independently encrypt the two parts of the information to be
transmitted.



In case the "natural" sequence of the parts of information is
changed for one or all of the communication paths, it is
preferred to provide an information tagging means, in which
the at least two different portions of partial information
are provided with markings containing an indication regarding
the sequential order of the different portions of partial
information.

In a preferred embodiment of the invention, the first and the
second computer further comprises an information processing
means in which information received from a respective other
computer is only processed upon an authorization indication
generated by an authorization computer connected to the
information processing means.

Usually, this authorization computer is provided at the host
computer (i.e. the processing computer) of a bank or the
like. This processing computer of the bank will obtain the
authorization from the authorization computer which is not
accessible from outside. Since the processing computer of the
bank is only provided with parts of the information required
to carry out a certain transaction and the authorization
computer is not accessible from outside but only accessible
from the processing computer, an intruder will not be able to
obtain the complete information.

The present invention is also related to a peripheral device
connectable to a computer, said peripheral device comprising:
a first input/output connector for transceiving information
to/from said computer from/to said peripheral device, a
second input/output connector for transceiving information
to/from said peripheral device from/to a first interface
connectable to a first communication path, a third
input/output connector for transceiving information to/from
said peripheral device from/to a second interface connectable
to a second communication path, and a controller for
controlling the transmission/reception of information to/from
said computer from/to said peripheral device, processing
said information and transceiving said information to/from
said peripheral device from/to said first and/or second
interface from/to said first and/or second communication
path. This device can be easily connected to a PC or an
intelligent telephone on the one side and to a terrestrial
telephone line and a mobile telephone (or a second
terrestrial telephone line) in order to set up two
communication paths to a host computer (of a bank etc.).
Alternatively, it is also possible to use two mobile
telephones to set up the two communication paths.

Further features, advantages, possible modifications and
enhancements of the present invention are explained in more
detail in connection with the description of a presently
preferred embodiment as schematically shown in the drawings.

Fig. 1 schematically shows a block diagram of the system
according to the present invention.

Fig. 2 schematically shows a block diagram of a peripheral
device connectable to a computer to implement the present
invention.

Fig. 3 is a schematical flow chart for the program of the
computer in the peripheral device according to Fig. 2.

Fig. 4 shows how information presented to the peripheral
device according to Fig. 2 is transformed by this device.
In Fig. 1, a secure data communication system is shown. This
system comprises a first computer 10 being adapted to
transmit/receive information to/from a second computer 12 via
a first communication path 14. This first computer can be
implemented by a PC (personal computer) having a central
processing unit including RAM, ROM, hard disk drive, serial
interface etc., a keyboard and a video screen. Alternatively,
this computer can also be implemented by an "intelligent"
telephone 16 having the standard functions of a telephone
plus the capability of entering and displaying one or more
lines of alphanumerical characters that are to be transceived
by the "intelligent" telephone.



One commercially available product fulfilling these criteria
is the telecommunications enduser device "MULT I KIT" marketed
by the applicant/assignee of the present invention. This
computer/telephone 10, 16 is connected to a peripheral device
22. The peripheral device 22 provides (via a modem or the
like) a connection to the first communication path 14. This
first communication path 14 is a terrestrial telephone
network.

Additionally, the first computer 10, 16 is adapted to
transmit/receive information to/from the second computer 12
via a second communication path 20 which is different from
the first communication path 14. To achieve this, the
peripheral device 22 is adapted to split the information
received from the first computer 10, 16 into two or more
different portions of partial information prior to
transmitting the information to the second computer 12. These
portions of partial information are transmitted separately
via the first and the second communication paths 14, 20.
Correspondingly, the second computer 12 is adapted to receive
these two different portions of partial information from the
first computer 10, 16 via the first and the second
communication paths 14, 20, and to combine the two different
portions of partial information to obtain the original
(complete) information for further processing.

More specifically, the first computer 10, 16 is connected to
a serial interface 28 of the peripheral device 22 which also
includes an information splitting/combination functionality
to store the information for further processing, i.e. to
split information to be sent into different portions of
partial information and to combine received different
portions of partial information to obtain the original
information.

To achieve this, the information splitting/combination device
22 comprises a microprocessor 30 (see Fig. 2), a RAM memory
32 connected thereto, two serial interfaces 34, 36 to provide
connections to the mobile telecommunications network 20 and
the terrestrial (fixed) network 14, respectively, and a
(Flash-) ROM memory 38 for a control software program.

The microprocessor 30 is also programmed to act as a
determination means for determining a splitting scheme
according to which the different portions of partial
information from the first computer 10, 16 are split and
sent via the first and second communication paths 14, 20 to
the second computer 12.

In the present embodiment, the entire information is split
into different portions of partial information by changing
the communication path through which the information is sent
after each second character.

More specifically, the split portions of information are
sent out in an alternating fashion through the two serial
interfaces 34, 36 to the mobile telephone 18 having a data
transmission/reception capability, and the terrestrial
telephone network 14, respectively. The portion of the
information sent out through the mobile telephone 18 is fed
into the mobile telephone network 20. From the mobile
telephone network 20 the portion of the information is sent
to a transceiving station 40 provided at the site of the
second computer 12. The information received from the mobile
network 20 is temporarily stored in an authorization server
44.



Parallel to the transmission of information through the
wireless (mobile) communications path 20, the peripheral
device 22 feeds the other portion of information into the
terrestrial telephone network 14. The terrestrial telephone
network 14 feeds the information into a transceiving station
42 also provided at the site of the second computer 12. The
information received by the transceiving station 42 is fed
into the second (main) computer 12. Once the second computer
12 receives information through the terrestrial network 14,
the corresponding (still missing) information received via
the mobile network 20 is obtained by the second computer 12
from the authorization server 44 in order to have the
authorization server 44 to carry out the respective
transaction.

The second computer 12 (and/or the authorization server 44)
are programmed to carry out the decryption and recombination
required to reverse the transformation of the information
carried out in the first computer/telephone 10/16 or the
peripheral device 22.

The microprocessor 30 in the peripheral device 22 is also
programmed to act as an information encrypting/decrypting
means in which the information is encrypted prior to being
split into the at least two different portions of partial
information.

Although the separation of the information into two different
channels already provides a significant enhancement over
current procedures, an intruder actually capable of tapping
both the terrestrial and the mobile telephone lines could
obtain the complete information. Also, an intruder capable of
monitoring only one of the two telephone lines (preferably
the terrestrial telephone line), could find out at least a
part of the sensitive information (e.g. the PIN of a user) by
monitoring and analyzing a sufficient number of information
transactions. Hence, an additional encryption is desirable.
To achieve this, the information can also be encrypted after
being split into the two different portions of partial
information.

Moreover, the microprocessor 30 is also programmed to act as
an information tagging means in which said at least two
different portions (AB, CD, EF, GH, IJ, KL) of partial
information are provided with markings (1, 2, 3, 4, 5, 6)
containing an indication regarding the sequential order of
the different portions of partial information. This
indication is also encrypted together with the information
portions in order to avoid an intruder being able to
immediately gather the order of the information transmitted
via one or both communication paths.
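
The splitting and tagging of this embodiment, written out as an added Python example that is not part of the patent text: portions of two characters alternate between the two paths, carry the markings 1, 2, 3, ... and are recombined by marking at the receiver. The function names, the seeds and the sample strings are assumptions made here, and the encryption of portions and markings is left out, so `tap_view` shows what a tap on a single path can place when they travel in clear.

```python
import random


def split_tagged(message, size=2):
    """Cut the message into size-character portions, mark each with its
    sequence number (1, 2, 3, ...) and alternate between the two paths."""
    portions = [message[i:i + size] for i in range(0, len(message), size)]
    tagged = list(enumerate(portions, start=1))
    return tagged[0::2], tagged[1::2]   # (first path, second path)


def scramble(path, seed):
    """Change the sending order on one path; the markings keep this
    reversible at the receiving side."""
    out = list(path)
    random.Random(seed).shuffle(out)
    return out


def combine(path_a, path_b):
    """Receiver side: merge both paths by marking and rebuild the message.
    A gap or a repeat in the markings is rejected."""
    received = sorted(path_a + path_b)
    tags = [tag for tag, _ in received]
    if tags != list(range(1, len(tags) + 1)):
        raise ValueError("gap or duplicate in markings: %r" % tags)
    return "".join(text for _, text in received)


def tap_view(path, total_len, size=2):
    """What an observer of ONE path can place when markings are sent in
    clear: known characters at their true offsets, '?' elsewhere."""
    view = ["?"] * total_len
    for tag, text in path:
        start = (tag - 1) * size
        view[start:start + len(text)] = text
    return "".join(view)


if __name__ == "__main__":
    # Portions AB, CD, EF, GH, IJ, KL with markings 1..6, as in the text.
    first, second = split_tagged("ABCDEFGHIJKL")
    print("first path :", first)
    print("second path:", second)

    # Sending order changed on both paths; markings restore the sequence.
    print(combine(scramble(first, seed=1), scramble(second, seed=2)))

    # Constructed sample message: one path alone exposes half of the PIN.
    sample = "PIN 4711 TAN 830291"
    first, second = split_tagged(sample)
    print(tap_view(first, len(sample)))
    print(tap_view(second, len(sample)))
```
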

The microprocessor 30 can carry out a program according to
the flow chart of Fig. 3. The corresponding transformation of
the data structure is shown in Fig. 4.

It is understood that the flow of information from the second
computer to the first can be carried out in a way
corresponding to the procedure described.
1. A secure data communication system comprising

- a first computer (10, 16) being adapted to transmit/receive
information to/from a second computer (12) via a first
communication path (14), characterized in that

- said first computer (10, 16) being adapted to
transmit/receive information to/from a second computer (12)
via a second communication path (20) distinct from said first
communication path (14),

- said first computer (10, 16) being adapted to

- - split the information into at least two different
portions of partial information prior to transmitting the
information to the second computer,

- - transmit the at least two different portions of partial
information via said first and said second communication
path,

- said second computer (12) being adapted to

- - receive at least two different portions of partial
information from the first computer via said first and said
second communication path, and

- - combine said at least two different portions of partial
information to obtain the original information.

2. The secure data communication system of claim 1, wherein
said first and/or said second computer further comprises

- an information splitting/combination means to split
information to be sent and/or to store received different
portions of partial information and to combine said received
and stored different portions of partial information to
obtain the original information.

3. The secure data communication system of claim 1 or 2,
wherein each information splitting/combination means
comprises

- a determination means to determine a splitting scheme
according to which the different portions of partial
information from the first computer are split and sent via
said first and said second communication path to said second
computer.

4. The secure data communication system of claim 3, wherein

- the determination means is adapted to determine the order
of splitting according to a predetermined scheme or a random
scheme.

5. The secure data communication system of claim 1, 2, or
3, wherein

- the first communication path is provided in a terrestrial
telephone network, and

- the second communication path is provided in a cellular
mobile telephone network.

6. The secure data communication system of any of claims 1
to 5, wherein the first and/or said second computer further
comprises

- an information encrypting/decrypting means in which 

- said information is encrypted prior to being split into 
said at least two different portions of partial information 
or 

- said information is encrypted after being split into said 
at least two different portions of partial information. 

7. The secure data communication system of any of claims 1 
to 6, wherein the first and/or said second computer further 
comprises 

- an information tagging means in which said at least two 
different portions of partial information are provided with 
markings containing an indication regarding the sequential 
order of the different portions of partial information. 

8. The secure data communication system of any of claims 1 
to 7, wherein the first and/or said second computer further 
comprises 
- an information processing means in which information
received from a respective other computer is only processed
upon an authorization indication generated by an authorization
computer connected to the information processing means.

9. A peripheral device connectable to a computer, said
peripheral device comprising:

- a first input/output connector for transceiving information
to/from said computer from/to said peripheral device,

- a second input/output connector for transceiving
information to/from said peripheral device from/to a first
interface connectable to a first communication path,

- a third input/output connector for transceiving information
to/from said peripheral device from/to a second interface
connectable to a second communication path, and

- a controller for controlling the transmission/reception of
information to/from said computer from/to said peripheral
device, processing said information and transceiving said
information to/from said peripheral device from/to said first
and/or second interface from/to said first and/or second
communication path.